+}
+
+sub expandenv {
+       my $val=shift;
+       
+
+       if ($val=~/\$/) {
+               $val=`echo "$val"`;
+               chomp $val;
+       }
+       
+       return $val;
+}
+
+my %trusted;
+sub is_trusted_config {
+       my $config=shift; # must be abs_pathed already
+
+       # We always trust ~/.mrconfig.
+       return 1 if $config eq abs_path("$ENV{HOME}/.mrconfig");
+
+       return 1 if $trust_all;
+
+       my $trustfile=$ENV{HOME}."/.mrtrust";
+
+       if (! %trusted) {
+               $trusted{"$ENV{HOME}/.mrconfig"}=1;
+               if (open (TRUST, "<", $trustfile)) {
+                       while (<TRUST>) {
+                               chomp;
+                               s/^~\//$ENV{HOME}\//;
+                               $trusted{abs_path($_)}=1;
+                       }
+                       close TRUST;
+               }
+       }
+
+       return $trusted{$config};
+}
+
+
+sub is_trusted_repo {
+       my $repo=shift;
+       
+       # Tightly limit what is allowed in a repo name.
+       # No ../, no absolute paths, and no unusual filenames
+       # that might try to escape to the shell.
+       return $repo =~ /^[-_.+\/A-Za-z0-9]+$/ &&
+              $repo !~ /\.\./ && $repo !~ /^\//;
+}
+
+sub is_trusted_checkout {
+       my $command=shift;
+       
+       # To determine if the command is safe, compare it with the
+       # *_trusted_checkout config settings. Those settings are
+       # templates for allowed commands, so make sure that each word
+       # of the command matches the corresponding word of the template.
+       
+       my @words;
+       foreach my $word (split(' ', $command)) {
+               # strip quoting
+               if ($word=~/^'(.*)'$/) {
+                       $word=$1;
+               }
+               elsif ($word=~/^"(.*)"$/) {
+                       $word=$1;
+               }
+
+               push @words, $word;
+       }
+
+       foreach my $key (grep { /_trusted_checkout$/ }
+                        keys %{$config{''}{DEFAULT}}) {
+               my @twords=split(' ', $config{''}{DEFAULT}{$key});
+               next if @words > @twords;
+
+               my $match=1;
+               my $url;
+               for (my $c=0; $c < @twords && $match; $c++) {
+                       if ($twords[$c] eq '$url') {
+                               # Match all the typical characters found in
+                               # urls, plus @ which svn can use. Note
+                               # that the "url" might also be a local
+                               # directory.
+                               $match=(
+                                       defined $words[$c] &&
+                                       $words[$c] =~ /^[-_.+:@\/A-Za-z0-9]+$/
+                               );
+                               $url=$words[$c];
+                       }
+                       elsif ($twords[$c] eq '$repo') {
+                               # If a repo is not specified, assume it
+                               # will be the last path component of the
+                               # url, or something derived from it, and
+                               # check that.
+                               if (! defined $words[$c] && defined $url) {
+                                       ($words[$c])=$url=~/\/([^\/]+)\/?$/;
+                               }
+
+                               $match=(
+                                       defined $words[$c] &&
+                                       is_trusted_repo($words[$c])
+                               );
+                       }
+                       elsif (defined $words[$c] && $words[$c]=~/^($twords[$c])$/) {
+                               $match=1;
+                       }
+                       else {
+                               $match=0;
+                       }
+               }
+               return 1 if $match;
+       }
+
+       return 0;
+}
+
+sub trusterror {
+       my ($err, $file, $line, $url)=@_;
+       
+       if (defined $url) {
+               die "$err in untrusted $url line $line\n".
+                       "(To trust this url, --trust-all can be used; but please use caution;\n".
+                       "this can allow arbitrary code execution!)\n";
+       }
+       else {
+               die "$err in untrusted $file line $line\n".
+                       "(To trust this file, list it in ~/.mrtrust.)\n";
+       }
+}